CVE-2024-8181

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
Configurations

Configuration 1 (hide)

cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*

History

04 Sep 2024, 12:15

Type Values Removed Values Added
References
  • {'url': 'https://tenable.com/security/research/tra-2024-22-0', 'tags': ['Third Party Advisory'], 'source': 'vulnreport@tenable.com'}
  • () https://tenable.com/security/research/tra-2024-33 -

30 Aug 2024, 13:53

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de omisión de autenticación en la versión 1.8.2 de Flowise. Esto podría permitir que un atacante remoto y no autenticado acceda a los endpoints de API como administrador y le permita acceder a funciones restringidas.
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 8.1
CPE cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:*
CWE CWE-287
First Time Flowiseai flowise
Flowiseai
References () https://tenable.com/security/research/tra-2024-22-0 - () https://tenable.com/security/research/tra-2024-22-0 - Third Party Advisory

27 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-09-06 15:35


NVD link : CVE-2024-8181

Mitre link : CVE-2024-8181

CVE.ORG link : CVE-2024-8181


JSON object : View

Products Affected

flowiseai

  • flowise
CWE
CWE-287

Improper Authentication